def fulltext_search(request, query, limit): # query index index = get_index() parser = QueryParser('value', index.schema) with index.searcher() as searcher: query = parser.parse(query) results = searcher.search(query, limit=limit) results = results_to_instances(request, results) # helper for limit def limited(res): if limit is not None: return res[:limit] return res # if authenticated, return all draft and published results authenticated = bool(authenticated_userid(request)) if authenticated: return limited( [res for res in results if res.state in ['draft', 'published']]) # check for submitter submitter = get_submitter(request) if submitter: return limited( [res for res in results if res.state == 'published' or (res.state == 'draft' and submitter == res.submitter)]) # return only public results return limited([res for res in results if res.state == 'published'])
def json_references(model, request, search_references, limit, extract_title=None): term = request.params['q'] # authenticated gets all authenticated = bool(authenticated_userid(request)) if authenticated: records = search_references(request, term, limit=limit) # anonymous gets published else: records = search_references( request, term, state=['published'], limit=limit) # additionally add by submitter submitter = get_submitter(request) if submitter: records += search_references( request, term, state=['draft'], submitter=submitter, limit=limit) # create and return result result = list() for record in records: if extract_title is not None: name = extract_title(record) else: name = record.title result.append({ 'id': str(record.uid), 'text': name, }) return sorted(result, key=lambda x: x['text'])
def listable_children(self): authenticated = authenticated_userid(self.request) submitter = get_submitter(self.request) if submitter and not authenticated: def query(cls): return session.query(cls.uid)\ .filter(cls.submitter == submitter).all() else: creator = authenticated def query(cls): return session.query(cls.uid)\ .filter(cls.creator == creator).all() root = self.model.root def fetch_node(container, uid): return container[str(uid)] nodes = list() session = get_session(self.request) attachments = root['attachments'] for record in query(AttachmentRecord): nodes.append(fetch_node(attachments, record[0])) facilities = root['facilities'] for record in query(FacilityRecord): nodes.append(fetch_node(facilities, record[0])) locations = root['locations'] for record in query(LocationRecord): nodes.append(fetch_node(locations, record[0])) occasions = root['occasions'] for record in query(OccasionRecord): nodes.append(fetch_node(occasions, record[0])) return nodes
def actions(self): if self.is_backend: return False authenticated = bool(authenticated_userid(self.request)) if not authenticated and not get_submitter(self.request): return False return True
def prepare(_next, self): submitter = get_submitter(self.request) if not self.authenticated: if not submitter: raise Forbidden if submitter != self.model.attrs['submitter']: raise Forbidden _next(self)
def show_note(self): authenticated = authenticated_userid(self.request) if authenticated: return False if self.model.state == 'published': return False submitter = get_submitter(self.request) if not submitter or self.model.attrs['submitter'] != submitter: return False return True
def check_submitter_access(model, request): authenticated = authenticated_userid(request) if not authenticated: submitter = get_submitter(request) if model.attrs['state'] != 'published': if not submitter: raise Forbidden if model.attrs['submitter'] != submitter: raise Forbidden if model.attrs['state'] != 'draft': raise Forbidden
def can_edit(self): authenticated = bool(authenticated_userid(self.request)) if not authenticated: submitter = get_submitter(self.request) if not submitter: return False if self.model.attrs['submitter'] != submitter: return False if self.model.attrs['state'] != 'draft': return False return True
def extract_locations(request, record, result): cls = record.__class__ if cls is LocationRecord: # check ignoring not authenticated authenticated = bool(authenticated_userid(request)) if not authenticated and record.state != 'published': submitter = get_submitter(request) # no submitter, ignore if not submitter: return # wrong submitter, ignore if record.submitter != submitter: return # wrong state, ignore if record.state != 'draft': return uid = str(record.uid) query = make_query(**{UX_IDENT: UX_FRONTEND}) target = make_url( request, path=[value_containers[cls], uid], query=query, ) result[uid] = { 'value': value_extractors[cls](record), 'action': value_actions[cls], 'target': target, 'lat': record.lat, 'lon': record.lon, 'state': record.state, } elif cls is FacilityRecord: for location in record.location: extract_locations(request, location, result) elif cls is OccasionRecord: for location in record.location: extract_locations(request, location, result) for facility in record.facility: extract_locations(request, facility, result) elif cls is AttachmentRecord: for location in record.location: extract_locations(request, location, result) for facility in record.facility: extract_locations(request, facility, result) for occasion in record.occasion: extract_locations(request, occasion, result)
def visible_references(self): records = list() authenticated = bool(authenticated_userid(self.request)) submitter = get_submitter(self.request) for record in self.reference_records: # check ignoring not authenticated if not authenticated and record.state != 'published': # no submitter, continue if not submitter: continue # wrong submitter, continue if record.submitter != submitter: continue # wrong state, continue if record.state != 'draft': continue records.append(record) return records
def json_locations_in_bounds(model, request): # bounds north, south, west, east = ( request.params['n'], request.params['s'], request.params['w'], request.params['e'], ) # authenticated gets all locations authenticated = bool(authenticated_userid(request)) if authenticated: records = locations_in_bounds(request, north, south, west, east) # anonymous gets published locations else: records = locations_in_bounds( request, north, south, west, east, state=['published']) # additionally add records by submitter submitter = get_submitter(request) if submitter: records += locations_in_bounds( request, north, south, west, east, state=['draft'], submitter=submitter) # create result result = list() for record in records: uid = str(record.uid) query = make_query(**{UX_IDENT: UX_FRONTEND}) target = make_url( request, path=[value_containers[LocationRecord], uid], query=query, ) result.append({ 'value': value_extractors[LocationRecord](record), 'action': value_actions[LocationRecord], 'target': target, 'lat': record.lat, 'lon': record.lon, 'state': record.state, }) return result
def __call__(self, model, request): if not authenticated_userid(request): if not get_submitter(request): raise Forbidden return super(SubmitterContentsTile, self).__call__(model, request)
def table_title(self): authenticated = authenticated_userid(self.request) if authenticated: return authenticated return get_submitter(self.request)
def prepare(_next, self): submitter = get_submitter(self.request) if not self.authenticated: if not submitter: raise Forbidden _next(self)
def save(_next, self, widget, data): if not self.authenticated: submitter = get_submitter(self.request) self.model.attrs['submitter'] = submitter _next(self, widget, data)